Security Practices

Wallet Security

Coinfarm runs a first-of-its-kind multisignature deposit and withdrawal scheme. All Coinfarm addresses are multisignature and all storage is kept offline.

Even in the event of a full system compromise, including web servers, trading engine, and database, there would not be enough keys available to an attacker to steal funds.

Additionally, each and every withdrawal on Coinfarm is audited by hand by at least two Coinfarm employees before sending. No private keys are kept on any cloud server and deep cold storage is used for the bulk of funds.

All deposit addresses sent by the Coinfarm system are verified by an external service to ensure they contain the keys controlled by the founders. If the public keys do not match, the system is shut down immediately and trading is halted.

System Security

Coinfarm systems take advantage of Amazon Web Services’ world-class security.

All Coinfarm systems require multiple forms of authentication to access, including hardware tokens. Individual systems are unable to communicate with each other except across approved and monitored channels.

Trading Engine Security

The Coinfarm Trading Engine is the first of its kind. Written in kdb+, a database and toolset used frequently by major banks in high-frequency trading applications, the Coinfarm engine has unprecedented speed and reliability.

Rather than use our speed just to execute more transactions per second, Coinfarm does a full risk check after each and every order placement, trade, settlement, deposit, and withdrawal. At all times, all accounts in the system must sum to zero. If they do not, trading is immediately halted for all users.